Essential Online Security Tips for Product Owners

September 14, 2016

9:47 am


There are many reasons to outsource your software development project. For one, there’s usually a cost saving. In addition to this, contracting out development helps avoid the management hassle of overseeing a dev team. Finally, this practice allows you to continue focusing on the mission-critical aspects of your enterprise.

Unfortunately, there are some security risks that go along with outsourcing development, and even more risks when the software being developed will be accessible online. Fortunately, there are a few things you can do to mitigate them.

Ensure That Developers Test and Retest Input Fields

Hackers really will try to find the easiest route to access your data, or wreak havoc on your systems. If the developers that you hire are not careful, they can provide that easy route through the input fields they provide to your users.

One common method that hackers use is the SQL injection attack. Basically, instead of inputting the information you are expecting, they input a string of SQL commands. If the right safeguards aren’t in place, this string is executed directly on your production data.
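As an added illustration (not part of the original article), the sketch below shows the kind of input-field regression check you can ask developers to keep in their test suite: it replays hostile field values against a lookup built by string concatenation and against one using a parameterized query. The `customers` table, the function names and the sample rows are assumptions constructed for the example, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    db.executemany("INSERT INTO customers (email, name) VALUES (?, ?)",
                   [("alice@example.com", "Alice"), ("bob@example.com", "Bob")])
    db.commit()
    return db

def lookup_unsafe(db, email):
    # Vulnerable: the field value is pasted into the SQL text, so quote
    # characters in the input change the structure of the query.
    sql = "SELECT name FROM customers WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, email):
    # Hardened: the ? placeholder passes the value separately from the SQL
    # text, so the input is only ever compared as data.
    return [row[0] for row in db.execute(
        "SELECT name FROM customers WHERE email = ?", (email,))]

# Constructed field values a regression suite would replay on every build.
# None of them is a real customer's email, so a correct lookup returns nothing.
HOSTILE_INPUTS = ["' OR '1'='1", "x' OR email LIKE '%", "bob@example.com' --"]

def leaking_inputs(lookup):
    """Return the hostile inputs for which `lookup` misbehaves."""
    db = make_db()
    leaks = []
    for value in HOSTILE_INPUTS:
        try:
            if lookup(db, value):          # any row returned is a leak
                leaks.append(value)
        except sqlite3.Error:
            # A SQL error triggered by the input means it reached the parser.
            leaks.append(value)
    return leaks

if __name__ == "__main__":
    print("concatenated query leaks on: ", leaking_inputs(lookup_unsafe))
    print("parameterized query leaks on:", leaking_inputs(lookup_safe))
```

A vendor's acceptance criteria can require that a check like this reports no leaking inputs for every field that reaches the database.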

Ask Your Legal Department to Include Language on Intellectual Property in Contracts

Not only do you have files that store customer information, your systems also contain intellectual property. In fact, the software that is being developed is also your intellectual property. Most networking and other IT security protocols are based on limiting access according to the needs of each individual’s job. The same should apply to your intellectual property, and customer privacy.

Audit Before Outsourcing

Never outsource without first having a professional security audit conducted. This should include an intensive look at your existing security systems, procedures, and user behavior. When you outsource your development, you are adding new users and connections, and that inherently increases your risks.

The cost of a security breach is high today. If you don’t have solid security in place, existing vulnerabilities are much more likely to be exploited when offshore development is added to the equation. A security audit will expose these and help ensure that all holes are plugged and that additional security measures are in place going into the future.

Limit Developer Access to Real Data

There’s no way to fully prevent developers from accessing your production data. Sometimes it’s just necessary for troubleshooting and testing. However, many companies allow much more access than they need to. Instead of doing this, consider using virtual machines, test libraries and directories, and creating test data for developers to use during the majority of the development process.

Use Reputable Vendors

One key piece of information that you must get from any potential vendor is their policy on data security and disaster recovery. Ask if they are in compliance with all national, international, and industry-related security regulations that apply to your business. In addition to this, ask what their existing policies are as they relate to client data, intellectual property, access, and storage. Of course, you will want to check client references. You’ll also want to check to see how they are handling security when it comes to inbound and outbound email and messaging.

All of the value that you gain from outsourcing software development can be lost quickly if you do not take the steps required to secure the following:

Intellectual Property

Customer and Corporate Data

Servers and Networks

Your Website

By limiting access to production data and systems, knowing your current security weaknesses, bringing in your legal team, and ensuring that the vendor you select is on board with regard to protecting your data, you can seriously limit the potential risks.


Dianna is a former ESL teacher and World Teach volunteer, currently living in France. She's slightly addicted to apps and viral media trends and helps different companies with product localization and content strategies. You can tweet her at @dilabrien